📣 Join our Flight Deck mobile engineering meetup on Nov 20th in SF — RSVP
📣 Join our mobile engineering meetup on Nov 20th in SF — RSVP
Get StartedContact Sales
Product
Key features
Release management
A single source of truth
End-to-end automation
Release hands-free
Rollouts
Monitor and automate
Rollbacks
Yes, native mobile rollbacks
Build Distro
Hassle-free distribution
Mobile insights
Measure team performance
Use Cases
Runway + fastlane
Get all the way to hands-free
Release trains
Automate your schedule
Mobile DevOps
Agency for your entire team
Cross-platform
A unified control center
Learn more
Blog
Flight Deck
Security
What's new
FAQ
Webinars
Docs
Live sandbox
Integrations
Automations
Customers
Pricing
Contact SalesGet Started

Security

Runway was built with security in mind from day one. We understand data security and privacy are top of mind for our customers, so we’ve worked hard to establish and maintain a strong security posture.
AICPA / SOC 2 badge
We have achieved a SOC 2 Type 2 attestation from a certified auditor with no exceptions in the final report. We work with an AICPA-certified audit firm to evaluate our information security program and controls on an annual basis. A live dashboard showing the status of all security controls is available upon request.

Integrations are an important piece of Runway, and we’re extremely security-conscious in how we implement and maintain them. We use official APIs only, authenticated with the most modern and secure option available. Where possible, access is requested granularly.

Scroll down for some additional security highlights, and feel free to reach out to security@runway.team with any questions.
Infrastructure security and availability
  • All connections to the web application are encrypted (SSL/TLS 1.3 enforced).
  • Customer data in databases and cloud storage is encrypted at rest (AES-256).
  • Full logical separation of development and production environments, with named, dedicated accounts for each.
  • Infrastructure is continuously monitored to verify that it’s configured securely and has up-to-date security patches. All activity by employees is logged.
  • Regular vulnerability scans are performed on production environment.
  • Multiple availability zones are utilized to replicate production data across different regions.
  • Databases are backed up daily.
Product security and confidentiality
  • All integrations are connected via official APIs, authenticated with most modern option offered
  • Development process adheres to industry best practices including automated and manual testing, code reviews, continuous deployments, production logging and alerts, and regular performance benchmarking.
  • Data from expired accounts is removed after 3 days, or within 24 hours of receiving a request.
Company security and trust
  • All employees and contractors undergo background screening, and complete training programs for privacy and information security annually
  • Your data is yours to own, and we will never share or sell your data.

Need a question answered?

Please feel free to get in touch. We’ll be happy to share further details upon request.
contact usReporting a security issue or a bug?